From 9f106578ec3863d243191529335b18c40548f55a Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 1 Sep 2023 20:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-01T20:00:25.380934+00:00 --- CVE-2022/CVE-2022-467xx/CVE-2022-46783.json | 69 +- CVE-2023/CVE-2023-15xx/CVE-2023-1523.json | 55 + CVE-2023/CVE-2023-333xx/CVE-2023-33317.json | 47 +- CVE-2023/CVE-2023-333xx/CVE-2023-33325.json | 47 +- CVE-2023/CVE-2023-338xx/CVE-2023-33876.json | 6 +- CVE-2023/CVE-2023-340xx/CVE-2023-34032.json | 48 +- CVE-2023/CVE-2023-341xx/CVE-2023-34174.json | 47 +- CVE-2023/CVE-2023-341xx/CVE-2023-34175.json | 59 +- CVE-2023/CVE-2023-341xx/CVE-2023-34176.json | 47 +- CVE-2023/CVE-2023-341xx/CVE-2023-34180.json | 47 +- CVE-2023/CVE-2023-34xx/CVE-2023-3453.json | 49 +- CVE-2023/CVE-2023-357xx/CVE-2023-35785.json | 1415 ++++++++++++++++++- CVE-2023/CVE-2023-393xx/CVE-2023-39348.json | 71 +- CVE-2023/CVE-2023-397xx/CVE-2023-39714.json | 28 + CVE-2023/CVE-2023-401xx/CVE-2023-40170.json | 64 +- CVE-2023/CVE-2023-401xx/CVE-2023-40185.json | 76 +- CVE-2023/CVE-2023-405xx/CVE-2023-40586.json | 64 +- CVE-2023/CVE-2023-410xx/CVE-2023-41051.json | 63 + CVE-2023/CVE-2023-411xx/CVE-2023-41109.json | 82 +- CVE-2023/CVE-2023-411xx/CVE-2023-41121.json | 82 +- CVE-2023/CVE-2023-415xx/CVE-2023-41559.json | 130 +- CVE-2023/CVE-2023-415xx/CVE-2023-41563.json | 103 +- CVE-2023/CVE-2023-416xx/CVE-2023-41633.json | 24 + CVE-2023/CVE-2023-45xx/CVE-2023-4596.json | 39 +- CVE-2023/CVE-2023-45xx/CVE-2023-4597.json | 59 +- CVE-2023/CVE-2023-45xx/CVE-2023-4599.json | 59 +- CVE-2023/CVE-2023-46xx/CVE-2023-4611.json | 87 +- CVE-2023/CVE-2023-46xx/CVE-2023-4624.json | 67 +- CVE-2023/CVE-2023-46xx/CVE-2023-4652.json | 56 +- CVE-2023/CVE-2023-46xx/CVE-2023-4653.json | 56 +- CVE-2023/CVE-2023-46xx/CVE-2023-4655.json | 56 +- CVE-2023/CVE-2023-47xx/CVE-2023-4707.json | 84 ++ CVE-2023/CVE-2023-47xx/CVE-2023-4708.json | 84 ++ CVE-2023/CVE-2023-47xx/CVE-2023-4709.json | 84 ++ README.md | 76 +- 35 files changed, 3376 insertions(+), 154 deletions(-) create mode 100644 CVE-2023/CVE-2023-15xx/CVE-2023-1523.json create mode 100644 CVE-2023/CVE-2023-397xx/CVE-2023-39714.json create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41051.json create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41633.json create mode 100644 CVE-2023/CVE-2023-47xx/CVE-2023-4707.json create mode 100644 CVE-2023/CVE-2023-47xx/CVE-2023-4708.json create mode 100644 CVE-2023/CVE-2023-47xx/CVE-2023-4709.json diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46783.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46783.json index 3a203466339..b8050a6ab4b 100644 --- a/CVE-2022/CVE-2022-467xx/CVE-2022-46783.json +++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46783.json @@ -2,23 +2,82 @@ "id": "CVE-2022-46783", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T12:15:08.817", - "lastModified": "2023-08-28T13:07:56.260", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T19:03:25.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stormshield:ssl_vpn_client:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.2.0", + "matchCriteriaId": "4FB6E817-FE92-41D4-9E28-E0CD487CE963" + } + ] + } + ] + } + ], "references": [ { "url": "https://advisories.stormshield.eu/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://advisories.stormshield.eu/2022-029/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1523.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1523.json new file mode 100644 index 00000000000..ba480edc4e6 --- /dev/null +++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1523.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1523", + "sourceIdentifier": "security@ubuntu.com", + "published": "2023-09-01T19:15:42.707", + "lastModified": "2023-09-01T19:15:42.707", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523", + "source": "security@ubuntu.com" + }, + { + "url": "https://github.com/snapcore/snapd/pull/12849", + "source": "security@ubuntu.com" + }, + { + "url": "https://marc.info/?l=oss-security&m=167879021709955&w=2", + "source": "security@ubuntu.com" + }, + { + "url": "https://ubuntu.com/security/notices/USN-6125-1", + "source": "security@ubuntu.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33317.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33317.json index 172f0228ff1..c6785484a2d 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33317.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33317.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33317", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-30T13:15:12.100", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-01T18:38:41.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woocommerce:returns_and_warranty_requests:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.6", + "matchCriteriaId": "2A312D93-DE6D-4C13-BE5A-23D14C58E902" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33325.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33325.json index 7c755035cfd..5202e761e10 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33325.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33325.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33325", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-30T13:15:12.373", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-01T19:05:34.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:te-st:leyka:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.30.1", + "matchCriteriaId": "E8694F5E-8905-41DA-98A1-A37B0881EAB6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33876.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33876.json index 813c5e3d742..6a535c9ae3d 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33876.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33876.json @@ -2,12 +2,12 @@ "id": "CVE-2023-33876", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-07-19T14:15:10.393", - "lastModified": "2023-07-26T21:04:42.287", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-01T18:15:07.427", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled." + "value": "A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34032.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34032.json index 5fb69464310..771c596e891 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34032.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34032.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34032", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-30T15:15:08.980", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T19:15:40.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:casier:bbpress_toolkit:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.12", + "matchCriteriaId": "D2A99153-F084-4A08-95AF-E8D580AF5DF1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bbp-toolkit/wordpress-bbpress-toolkit-plugin-1-0-12-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34174.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34174.json index e84815aa209..5f79fa35492 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34174.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34174.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34174", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-30T14:15:08.747", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T19:37:34.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bbsetheme:bbs_e-popup:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.4.5", + "matchCriteriaId": "DE2912A8-C351-483F-A5FF-423458EE4AB2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bbs-e-popup/wordpress-bbs-e-popup-plugin-2-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34175.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34175.json index 3152f2ee854..c56a5c42f52 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34175.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34175.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34175", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-30T14:15:09.013", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T19:36:10.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:login_configurator_project:login_configurator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1", + "matchCriteriaId": "4D1F3C1F-E34A-467B-8939-DBB7C01CC574" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/login-configurator/wordpress-login-configurator-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34176.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34176.json index 38d2f731a6e..9e96eead880 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34176.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34176.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34176", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-30T14:15:09.253", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T19:24:19.840", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:chilexpress:chilexpress-oficial:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.9", + "matchCriteriaId": "D1C380FB-BEB0-417F-9063-956A33D2B1C3" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/chilexpress-oficial/wordpress-chilexpress-woo-oficial-plugin-1-2-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-341xx/CVE-2023-34180.json b/CVE-2023/CVE-2023-341xx/CVE-2023-34180.json index 4daf6871b00..a789a98cab1 100644 --- a/CVE-2023/CVE-2023-341xx/CVE-2023-34180.json +++ b/CVE-2023/CVE-2023-341xx/CVE-2023-34180.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34180", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-30T14:15:09.473", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T19:22:34.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kaplugins:free-google-fonts:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.0.0", + "matchCriteriaId": "B2F7528C-E25F-4393-B328-E4ADBC97A326" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/free-google-fonts/wordpress-google-fonts-for-wordpress-plugin-3-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3453.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3453.json index 3a7193383b5..9d51a01f3c3 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3453.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3453.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3453", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-08-23T22:15:08.930", - "lastModified": "2023-08-24T02:02:17.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:11:49.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +66,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:etictelecom:remote_access_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.7.0", + "matchCriteriaId": "9AC4E7AE-3B13-4E78-8C62-5B6B452DC10F" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Patch", + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35785.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35785.json index 8943a18dbe1..7030db104d9 100644 --- a/CVE-2023/CVE-2023-357xx/CVE-2023-35785.json +++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35785.json @@ -2,23 +2,1428 @@ "id": "CVE-2023-35785", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T20:15:08.033", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:37:42.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.3", + "matchCriteriaId": "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*", + "matchCriteriaId": "1179FC2E-0FCC-4744-85A7-1D68AE742FEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*", + "matchCriteriaId": "F05F8E9D-1880-4B94-922E-BA61FA112945" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*", + "matchCriteriaId": "F336B0C2-1F99-4BC7-828B-02E432CB0723" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*", + "matchCriteriaId": "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*", + "matchCriteriaId": "46A96B82-49E1-4392-BDCF-CC9753D67A4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*", + "matchCriteriaId": "837BF464-6D18-4267-8913-D7937C91789B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*", + "matchCriteriaId": "0243CA85-B856-4ED9-BCD0-5EAB182862CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*", + "matchCriteriaId": "FB216CD0-B3BD-434D-8FC6-BB60408C128A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4310:*:*:*:*:*:*", + "matchCriteriaId": "9A24DBF5-EBC0-49DB-B253-1098BF1C6180" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4312:*:*:*:*:*:*", + "matchCriteriaId": "9E5C2FC4-A020-42C8-958D-603C82E9F0B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4313:*:*:*:*:*:*", + "matchCriteriaId": "D94DE7F6-9231-48F5-8B3F-D8D34594CBB9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4314:*:*:*:*:*:*", + "matchCriteriaId": "27C465F6-F7F2-4FBD-B12F-4795EB47842C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4315:*:*:*:*:*:*", + "matchCriteriaId": "27BCB134-B415-481F-BBDB-650F5AD65EDA" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.2", + "matchCriteriaId": "E802FD77-E67A-438C-82CE-9FC7536FB14E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*", + "matchCriteriaId": "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*", + "matchCriteriaId": "237AA2F5-B9A3-4C40-92AC-61FE47A017BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*", + "matchCriteriaId": "4C23A64C-65CB-447B-9B5F-4BB22F68FC79" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.2", + "matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*", + "matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.9", + "matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*", + "matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", + "matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", + "matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", + "matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", + "matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", + "matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", + "matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", + "matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", + "matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", + "matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", + "matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", + "matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", + "matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", + "matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", + "matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", + "matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", + "matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", + "matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", + "matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", + "matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", + "matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", + "matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", + "matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", + "matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", + "matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", + "matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", + "matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", + "matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", + "matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", + "matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", + "matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", + "matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*", + "matchCriteriaId": "03A34ED3-EC89-4BE3-8A99-A5727A154672" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*", + "matchCriteriaId": "4E84EF2B-37A5-4499-8C16-877E8AB8A731" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*", + "matchCriteriaId": "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*", + "matchCriteriaId": "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*", + "matchCriteriaId": "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*", + "matchCriteriaId": "356CA7C7-993F-4D5D-9FAB-9E5475878D53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6989:*:*:*:*:*:*", + "matchCriteriaId": "82F1AAC1-E49B-4580-9569-AD9B1E649A9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6990:*:*:*:*:*:*", + "matchCriteriaId": "D971F57C-820C-4391-A15C-80A4901BC358" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6991:*:*:*:*:*:*", + "matchCriteriaId": "3EAA3D29-2763-4201-9471-A0874727F40B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6992:*:*:*:*:*:*", + "matchCriteriaId": "B632C001-CE54-4C22-AB99-7919D8902FDB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6993:*:*:*:*:*:*", + "matchCriteriaId": "648277D7-3CDD-455B-95D3-CBD9A3A82C62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*", + "matchCriteriaId": "1E01D48C-A95F-421E-A6FA-D299D6BE02B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*", + "matchCriteriaId": "727BD3A4-F0E1-4656-A640-B32406324707" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1", + "matchCriteriaId": "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*", + "matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*", + "matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*", + "matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*", + "matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*", + "matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*", + "matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*", + "matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*", + "matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*", + "matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*", + "matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*", + "matchCriteriaId": "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*", + "matchCriteriaId": "99C928C2-4711-4765-BDF2-E7FB448F5771" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*", + "matchCriteriaId": "EDF77387-21C7-45CA-B843-EBA956EE2BB7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*", + "matchCriteriaId": "5C2C0067-538B-4102-8B4E-603BD4CE8F86" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*", + "matchCriteriaId": "DAF47C10-AAE9-40CF-A033-44D54A81E69F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*", + "matchCriteriaId": "36D0331C-58EA-4B68-88C4-7A193BE5C62E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*", + "matchCriteriaId": "3CA59781-E48C-487E-B3AF-96560F3152EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*", + "matchCriteriaId": "E4812B9E-15CA-4700-9115-EAE0A97F0E3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*", + "matchCriteriaId": "CE513A2B-0371-4D3C-A502-CDA3DB474F3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*", + "matchCriteriaId": "5E498ACE-8332-4824-9AFE-73975D0AC9EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*", + "matchCriteriaId": "F070B928-CF57-4502-BE26-AD3F13A6ED4B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*", + "matchCriteriaId": "635D24F2-9C60-4E1A-BD5F-E5312FA953A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*", + "matchCriteriaId": "5E983854-36F8-407F-95C8-E386E0F82366" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*", + "matchCriteriaId": "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*", + "matchCriteriaId": "7820751F-E181-4BB7-8DAF-BF21129B24D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*", + "matchCriteriaId": "14ADB666-EEB9-4C6D-93F4-5A45EBA55705" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*", + "matchCriteriaId": "93C4B398-8F9A-44AC-8E43-C4C471DE9565" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*", + "matchCriteriaId": "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*", + "matchCriteriaId": "C7EF76FE-3FD9-4548-A372-22E280484ECB" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1", + "matchCriteriaId": "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*", + "matchCriteriaId": "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*", + "matchCriteriaId": "C12C9470-3D3B-426E-93F9-79D8B9B25F69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*", + "matchCriteriaId": "227F1242-E0A9-45C5-9198-FD8D01F68ABF" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "12.3.0", + "matchCriteriaId": "1D262240-1B28-4B7C-B673-C10DD878D912" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12300:*:*:*:*:*:*", + "matchCriteriaId": "39F6B49B-8531-4A62-B0D9-C1BCD728D4A7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12301:*:*:*:*:*:*", + "matchCriteriaId": "F2769404-4E8A-478C-9328-269E2C334E31" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.7", + "matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*", + "matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*", + "matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*", + "matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*", + "matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*", + "matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*", + "matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*", + "matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*", + "matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*", + "matchCriteriaId": "D3012C17-87F5-4FFD-B67B-BEFF2A390613" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*", + "matchCriteriaId": "1E33D368-2D81-4C7E-9405-7C0A86E97217" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.3", + "matchCriteriaId": "30B83EF5-BEF1-4636-9B3C-AE41E6010F2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5300:*:*:*:*:*:*", + "matchCriteriaId": "CF4D70E8-77A6-4F51-A15B-28299D43B095" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5301:*:*:*:*:*:*", + "matchCriteriaId": "E03D403B-C904-482E-838C-D6595C5D27FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5302:*:*:*:*:*:*", + "matchCriteriaId": "FFEB1CB7-B9F7-463D-88F8-3A2E86264FFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5305:*:*:*:*:*:*", + "matchCriteriaId": "E4B18DCB-4A02-4DE6-9B19-D79299934D29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5310:*:*:*:*:*:*", + "matchCriteriaId": "2D34C6F9-2578-460F-AF34-2E9494BCDE3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5311:*:*:*:*:*:*", + "matchCriteriaId": "48E3DA1B-9FC6-4F07-9F89-6D71EF42FCFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5315:*:*:*:*:*:*", + "matchCriteriaId": "B2F48B91-FFD5-4AC4-A198-64870E47AE9A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*", + "matchCriteriaId": "7001A0A7-159C-48A3-9800-DAFBA31D05BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*", + "matchCriteriaId": "583B46D4-529F-404F-9CF3-4D7526889682" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*", + "matchCriteriaId": "0D89C2A2-CE20-4954-8821-C73F9E3EC767" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*", + "matchCriteriaId": "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*", + "matchCriteriaId": "233874F0-A19F-447C-ACE2-5DD06829C920" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*", + "matchCriteriaId": "C4447E47-C6DB-440D-AF35-8130687E9BB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*", + "matchCriteriaId": "405ECB05-7E35-4927-A19A-92A4B7FE8B1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*", + "matchCriteriaId": "9F1EC2A5-7498-40F9-91A4-B004AEA1136C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*", + "matchCriteriaId": "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*", + "matchCriteriaId": "DD3B14B6-8329-43C4-AE42-13279E77275E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*", + "matchCriteriaId": "7792B448-4D34-42F8-919C-344783D625E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*", + "matchCriteriaId": "E297C040-0523-4A50-97AB-349880D5B3A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*", + "matchCriteriaId": "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*", + "matchCriteriaId": "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*", + "matchCriteriaId": "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*", + "matchCriteriaId": "6E0C9493-EB87-4197-AF8B-BCA25488BCDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*", + "matchCriteriaId": "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*", + "matchCriteriaId": "FBD7855F-4B66-4F43-960C-73E69C52E865" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*", + "matchCriteriaId": "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*", + "matchCriteriaId": "36A68C2E-978A-4F82-AC61-E9E7CA9908A9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5", + "matchCriteriaId": "A9BB59DF-8786-4DC0-9254-F88417CA7077" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*", + "matchCriteriaId": "6BA1E99E-789C-4FDD-AA89-4C5391B95320" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*", + "matchCriteriaId": "7EA6EC34-6702-4D1A-8C63-5026416E01A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*", + "matchCriteriaId": "0720F912-A070-43E9-BD23-4FAD00026DCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*", + "matchCriteriaId": "161C81D2-7281-4F89-9944-1B468B06C264" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*", + "matchCriteriaId": "718EEA01-B792-4B7E-946F-863F846E8132" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*", + "matchCriteriaId": "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*", + "matchCriteriaId": "47BBC46A-16C7-4E9B-A49A-8101F3039D0C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*", + "matchCriteriaId": "D989FB08-624D-406B-8F53-A387900940F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*", + "matchCriteriaId": "8ADB6CFE-1915-488C-93FE-96E8DF3655F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*", + "matchCriteriaId": "EDCCB442-D0E4-47C7-A558-36657A70B3CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*", + "matchCriteriaId": "8794F807-1D50-44D4-8969-FD68EFF2F643" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*", + "matchCriteriaId": "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*", + "matchCriteriaId": "6976DCDA-E27A-4367-8EFE-74DC6F63018F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*", + "matchCriteriaId": "101908A5-CAEF-44F8-A6C8-FE01CA9FA836" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*", + "matchCriteriaId": "F957BE56-474A-4593-8710-F86DB13C7407" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*", + "matchCriteriaId": "B8479442-1A4A-4F27-9778-664C7693C815" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*", + "matchCriteriaId": "EEF00ADC-105F-4B7E-857B-17565D67C7D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*", + "matchCriteriaId": "CA292949-6E99-49A5-94F7-23448494F5C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*", + "matchCriteriaId": "863CBE20-60A5-4A08-BF16-4E40E88B9AB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*", + "matchCriteriaId": "28A105B4-7BF0-4054-AAE7-8453E13E2B63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*", + "matchCriteriaId": "94C78301-44B7-45B2-836E-15E45FAC8625" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*", + "matchCriteriaId": "F408067C-13C1-40BE-8488-9EB7FF0EDF9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*", + "matchCriteriaId": "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5", + "matchCriteriaId": "E4282B6D-6C85-4F13-B789-E641FB5986FE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*", + "matchCriteriaId": "A160274C-F07A-43D9-A4DB-8773F004B9B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*", + "matchCriteriaId": "341DF953-3DC7-476E-A79D-8CBD011C52A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*", + "matchCriteriaId": "AB6582AC-03DB-4905-BD03-EEDC314EB289" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*", + "matchCriteriaId": "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*", + "matchCriteriaId": "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*", + "matchCriteriaId": "1592B321-1D60-418D-9CD8-61AEA57D8D90" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*", + "matchCriteriaId": "E582FA9F-A043-4193-961D-A49159F1C921" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*", + "matchCriteriaId": "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*", + "matchCriteriaId": "28EAB920-2F01-483E-9492-97DBFBD7535F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*", + "matchCriteriaId": "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*", + "matchCriteriaId": "37976BE2-4233-46F7-B6BB-EFA778442AFE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*", + "matchCriteriaId": "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*", + "matchCriteriaId": "C069FF04-4061-4560-BA55-1784312047A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*", + "matchCriteriaId": "0D428FA6-08BA-4F7E-B1C7-4AFD17919899" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*", + "matchCriteriaId": "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*", + "matchCriteriaId": "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*", + "matchCriteriaId": "EF9477F5-C6FD-4589-917B-FD206371DB33" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*", + "matchCriteriaId": "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*", + "matchCriteriaId": "8CB27467-3157-466A-B01C-461348BD95C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*", + "matchCriteriaId": "2D575B4D-D58A-4B92-9723-4AB54E29924A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*", + "matchCriteriaId": "E76BB070-9BC9-4712-B021-156871C3B06A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*", + "matchCriteriaId": "52D35850-9BE1-479A-B0AF-339E42BCA708" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*", + "matchCriteriaId": "681A77B6-7E22-4132-803B-A0AD117CE7C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0", + "matchCriteriaId": "658DC76D-E0FE-40FA-B966-6DA6ED531FCD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*", + "matchCriteriaId": "948993BE-7B9E-4CCB-A97F-28B46DFE52A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*", + "matchCriteriaId": "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*", + "matchCriteriaId": "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*", + "matchCriteriaId": "4C8B3F77-7886-4F80-B75A-59063C762307" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*", + "matchCriteriaId": "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*", + "matchCriteriaId": "A708628C-31E8-4A52-AEF7-297E2DDFA0C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*", + "matchCriteriaId": "A8A01385-A493-42C0-ABBE-6A30C8594F8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*", + "matchCriteriaId": "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*", + "matchCriteriaId": "B6865936-A773-4353-8891-8269508B2180" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*", + "matchCriteriaId": "9CAD778E-8FDB-4CE2-A593-75EEA75F6361" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*", + "matchCriteriaId": "52A9BA64-A248-4490-BDA7-671D64C0B3CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*", + "matchCriteriaId": "DFF0A7E8-888B-4CBE-B799-16557244DDF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*", + "matchCriteriaId": "8B480202-7632-4CFA-A485-DDFF1D1DB757" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*", + "matchCriteriaId": "AB9B0721-49FD-49E7-97E4-E4E3EBF64856" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*", + "matchCriteriaId": "874F5DDD-EA8D-4C1E-824A-321C52959649" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*", + "matchCriteriaId": "8CAA4713-DA95-46AC-AFA5-9D22F8819B06" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*", + "matchCriteriaId": "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*", + "matchCriteriaId": "832AAAAF-5C34-4DDF-96A4-080002F9BC6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*", + "matchCriteriaId": "29ED63C4-FB06-41AC-ABCD-63B3233658A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*", + "matchCriteriaId": "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*", + "matchCriteriaId": "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*", + "matchCriteriaId": "51400F37-6310-44A3-A683-068DF64D20F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*", + "matchCriteriaId": "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*", + "matchCriteriaId": "78CB8751-856A-41AC-904A-70FA1E15A946" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*", + "matchCriteriaId": "72B7E27E-1443-46DC-8389-FBD337E612F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*", + "matchCriteriaId": "F9BB1077-C1F5-4368-9930-8E7424E7EB98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*", + "matchCriteriaId": "EE307CE4-574D-4FF7-BED6-5BBECF886578" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.2", + "matchCriteriaId": "D69A22E7-FF66-43A0-83FF-4D0ADF25B33D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14200:*:*:*:*:*:*", + "matchCriteriaId": "4A89D0AC-E27C-4C35-8E2E-44DF0BBD6FF5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14201:*:*:*:*:*:*", + "matchCriteriaId": "19A77447-AA60-4011-A64B-0A065F43279E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14202:*:*:*:*:*:*", + "matchCriteriaId": "811ADC13-780C-4325-8879-E521CBEC20B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14203:*:*:*:*:*:*", + "matchCriteriaId": "DB25E317-1104-4CFE-8F6A-B8B55F578F94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14204:*:*:*:*:*:*", + "matchCriteriaId": "8157D1BB-556A-444B-9F4C-0BD0EF4CF02F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*", + "matchCriteriaId": "E73FEA45-5AA3-4C49-91D3-E07A53E34515" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*", + "matchCriteriaId": "8CA65161-0C0B-45E7-BBEA-FA214DBF964B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*", + "matchCriteriaId": "9097C0CA-001B-4604-BCDB-ED28AB292CC7" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.3", + "matchCriteriaId": "CE99DDEC-EA8D-4E15-A227-30B242611078" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*", + "matchCriteriaId": "52843587-34AD-4992-8E68-25CD02E247A3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.4", + "matchCriteriaId": "30C9A012-AD39-45B2-BA3F-8D7180FC5390" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*", + "matchCriteriaId": "7C5E7CE6-F85E-49B2-9078-F661AA3723C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*", + "matchCriteriaId": "1194B4C2-FBF2-4015-B666-235897971DD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*", + "matchCriteriaId": "4F5F0CA5-CEC3-4342-A7D1-3616C482B965" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.3", + "matchCriteriaId": "4707D700-23C4-4BBD-9683-4E6D59989127" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*", + "matchCriteriaId": "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587" + } + ] + } + ] + } + ], "references": [ { "url": "https://manageengine.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39348.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39348.json index 93cb1e43d21..a43d4db524c 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39348.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39348.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39348", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-28T20:15:08.107", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:37:25.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,57 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.28.8", + "matchCriteriaId": "5055E17C-E70F-46DF-83A0-9165DF47E729" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.29.0", + "versionEndExcluding": "1.29.6", + "matchCriteriaId": "982824E4-DEF6-403B-98EB-5DF9869D6821" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.30.0", + "versionEndExcluding": "1.30.3", + "matchCriteriaId": "4E0739E0-34DD-46D9-A3AE-39E784FF4993" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:spinnaker:1.30.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F88DF325-E9E1-4047-9668-6853E411505D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/spinnaker/echo/pull/1316", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-rq5c-hvw6-8pr7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39714.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39714.json new file mode 100644 index 00000000000..3c5535cebdc --- /dev/null +++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39714.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-39714", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T18:15:07.710", + "lastModified": "2023-09-01T18:15:07.710", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/Arajawat007/141e68161014e832e30d39b1979a8a6c#file-cve-2023-39714", + "source": "cve@mitre.org" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40170.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40170.json index 28cacaeae40..fba0f2f490f 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40170.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40170.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40170", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-28T21:15:07.873", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:36:32.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jupyter:jupyter_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.7.2", + "matchCriteriaId": "B83A20E2-B301-47B0-AE30-3363B1FE64F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40185.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40185.json index eb70926dcf2..d0b19e03aed 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40185.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40185.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40185", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-23T21:15:09.063", - "lastModified": "2023-08-24T02:02:17.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:02:45.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,22 +66,66 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "1.7.4", + "matchCriteriaId": "68A1452B-CAE3-44C6-A01D-F9E73A62DAB8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/ericcornelissen/shescape/pull/1142", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40586.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40586.json index 9b5a4f69dc9..e7f870ff514 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40586.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40586.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40586", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-25T21:15:09.197", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:06:17.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +76,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:coraza:coraza:3.0.0:*:*:*:*:go:*:*", + "matchCriteriaId": "7966EDCD-F5B7-4439-A2E8-8A4CE1CA250A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/corazawaf/coraza/commit/a5239ba3ce839e14d9b4f9486e1b4a403dcade8c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json new file mode 100644 index 00000000000..cb4491067f0 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-41051", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-01T19:15:42.883", + "lastModified": "2023-09-01T19:15:42.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function\u2019s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 2.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.0, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://crates.io/crates/vm-memory/0.12.2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rust-vmm/vm-memory/security/advisories/GHSA-49hh-fprx-m68g", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41109.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41109.json index cef33f70e37..8f6e6b5c9eb 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41109.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41109.json @@ -2,23 +2,95 @@ "id": "CVE-2023-41109", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T20:15:08.273", - "lastModified": "2023-08-29T05:18:54.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:37:07.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:patton:smartnode_sn200_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.21.2-23021", + "matchCriteriaId": "7722AB96-9C76-466B-BF73-B26027935780" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:patton:smartnode_sn200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A80D241-2596-423F-9012-3BD25DBE06A8" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.syss.de/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-019.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41121.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41121.json index 58c0ca2f7bf..6618407c714 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41121.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41121.json @@ -2,23 +2,95 @@ "id": "CVE-2023-41121", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T22:15:11.313", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:48:33.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.4.0.499", + "matchCriteriaId": "986B8380-E886-4F0E-83C2-D07FC48C0A03" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6E149796-E3D7-4FAF-AB64-8D273E701861" + } + ] + } + ] + } + ], "references": [ { "url": "https://semonto.com/tools/website-reachability-check?test=325b4e588e64536b21664d24640f547", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Denial_of_Service_ID-144162.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41559.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41559.json index 82a8a6bd8db..775dde9a1c4 100644 --- a/CVE-2023/CVE-2023-415xx/CVE-2023-41559.json +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41559.json @@ -2,19 +2,141 @@ "id": "CVE-2023-41559", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T13:15:14.280", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-01T19:10:58.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*", + "matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*", + "matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "96503617-6B69-4862-ADFE-4EF379876F0F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*", + "matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/peris-navince/founded-0-days/blob/main/fromNatStaticSetting/1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41563.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41563.json index 66ba65b3e31..477c2f2641e 100644 --- a/CVE-2023/CVE-2023-415xx/CVE-2023-41563.json +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41563.json @@ -2,19 +2,114 @@ "id": "CVE-2023-41563", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T13:15:15.043", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-01T19:54:35.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*", + "matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*", + "matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/peris-navince/founded-0-days/blob/main/GetParentControlInfo/1.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41633.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41633.json new file mode 100644 index 00000000000..c50bb490540 --- /dev/null +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41633.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-41633", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-01T19:15:43.003", + "lastModified": "2023-09-01T19:15:43.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/rycbar77/3da455382f88cfb6d6798572f34378bd", + "source": "cve@mitre.org" + }, + { + "url": "https://rycbar77.github.io/2023/08/29/catdoc-0-95-nullptr-dereference/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4596.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4596.json index d128590c0cd..a33c29ec882 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4596.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4596.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4596", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-30T02:15:09.353", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:17:25.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,18 +50,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.24.6", + "matchCriteriaId": "DB7C43F0-DD62-44EC-97FB-0EAC45C12678" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.exploit-db.com/exploits/51664", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4597.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4597.json index 3fb91787de2..6f3631df8aa 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4597.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4597.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4597", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-30T02:15:09.660", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:36:38.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,8 +13,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -46,18 +66,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp-slimstat:slimstat_analytics:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.0.9", + "matchCriteriaId": "D7F95125-E2E9-49B0-A095-97E35735F1B7" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.9/wp-slimstat.php#L892", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52aee4b8-f494-4eeb-8357-71ce8d5bc656?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4599.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4599.json index c9ce3797812..ed8dfd413f2 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4599.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4599.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4599", "sourceIdentifier": "security@wordfence.com", "published": "2023-08-30T02:15:09.870", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:59:53.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -50,18 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp-webhooks:email_encoder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.7", + "matchCriteriaId": "CD48E8F6-C218-4A21-95D9-D7ABED78A47F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.1.7/core/includes/classes/class-email-encoder-bundle-run.php#L529", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2958823/email-encoder-bundle#file60", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e90f04e4-eb4c-4822-89c6-79f553987c37?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4611.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4611.json index 9defcbcac38..dc7bcd0288b 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4611.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4611.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4611", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-29T22:15:09.397", - "lastModified": "2023-08-29T23:49:20.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:36:56.110", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.2 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,18 +54,75 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.5", + "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*", + "matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-4611", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227244", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://www.spinics.net/lists/stable-commits/msg310136.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4624.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4624.json index be884d61a8f..611484b4fc3 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4624.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4624.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4624", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-30T13:15:15.287", - "lastModified": "2023-08-30T13:23:15.070", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T19:59:22.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -36,7 +58,7 @@ }, "weaknesses": [ { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,16 +66,51 @@ "value": "CWE-918" } ] + }, + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bookstackapp:bookstack:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.08", + "matchCriteriaId": "F1A047AC-D2DC-43E8-94C4-5C4E9851BEDF" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/bookstackapp/bookstack/commit/c324ad928dbdd54ce5b09eb0dabe60ef9de1ea38", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://huntr.dev/bounties/9ce5cef6-e546-44e7-addf-a2726fa4e60c", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4652.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4652.json index c7a1960013c..abe5c242289 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4652.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4652.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4652", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-31T01:15:10.063", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:39:07.780", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.1", + "matchCriteriaId": "56EF3F9B-6CDB-4568-AF80-EEF6D72B72F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/instantsoft/icms2/commit/7a7e57e77f12f36d0e96be6d5b9066389372dbcd", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/7869e4af-fad9-48c3-9e4f-c949e54cbb41", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4653.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4653.json index d847ca53840..2e9920d58bc 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4653.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4653.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4653", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-31T01:15:10.297", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:39:05.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.1", + "matchCriteriaId": "56EF3F9B-6CDB-4568-AF80-EEF6D72B72F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/instantsoft/icms2/commit/7e9d79818bd52dfa7811d5978c72785054c65242", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/e0bf7e95-fc8c-4fd4-8575-8b46b9431c6d", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4655.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4655.json index 02432730009..f90f2d97982 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4655.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4655.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4655", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-31T01:15:10.740", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-01T18:39:47.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.16.1", + "matchCriteriaId": "56EF3F9B-6CDB-4568-AF80-EEF6D72B72F6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/instantsoft/icms2/commit/a6a30e7bc96cd2081707388046c0259870533da6", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/e2189ad5-b665-4ba5-b6c4-112e58ae9a97", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4707.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4707.json new file mode 100644 index 00000000000..98636bffcf3 --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4707.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-4707", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-01T18:15:07.793", + "lastModified": "2023-09-01T18:15:07.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file /collection/all. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. VDB-238570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.238570", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.238570", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4708.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4708.json new file mode 100644 index 00000000000..80138ceb80e --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4708.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-4708", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-01T18:15:07.893", + "lastModified": "2023-09-01T18:15:07.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.238571", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.238571", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json new file mode 100644 index 00000000000..01760551e92 --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-4709", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-01T19:15:43.063", + "lastModified": "2023-09-01T19:15:43.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-238572. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.238572", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.238572", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 2fca189cf5f..e66498081e1 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-01T18:00:25.460342+00:00 +2023-09-01T20:00:25.380934+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-01T17:31:30.300000+00:00 +2023-09-01T19:59:22.693000+00:00 ``` ### Last Data Feed Release @@ -29,53 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223930 +223937 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `7` -* [CVE-2020-22612](CVE-2020/CVE-2020-226xx/CVE-2020-22612.json) (`2023-09-01T16:15:07.533`) -* [CVE-2022-3407](CVE-2022/CVE-2022-34xx/CVE-2022-3407.json) (`2023-09-01T17:15:07.463`) -* [CVE-2023-28366](CVE-2023/CVE-2023-283xx/CVE-2023-28366.json) (`2023-09-01T16:15:07.790`) -* [CVE-2023-36076](CVE-2023/CVE-2023-360xx/CVE-2023-36076.json) (`2023-09-01T16:15:07.857`) -* [CVE-2023-36088](CVE-2023/CVE-2023-360xx/CVE-2023-36088.json) (`2023-09-01T16:15:07.910`) -* [CVE-2023-36100](CVE-2023/CVE-2023-361xx/CVE-2023-36100.json) (`2023-09-01T16:15:07.967`) -* [CVE-2023-36187](CVE-2023/CVE-2023-361xx/CVE-2023-36187.json) (`2023-09-01T16:15:08.020`) -* [CVE-2023-36326](CVE-2023/CVE-2023-363xx/CVE-2023-36326.json) (`2023-09-01T16:15:08.077`) -* [CVE-2023-36327](CVE-2023/CVE-2023-363xx/CVE-2023-36327.json) (`2023-09-01T16:15:08.127`) -* [CVE-2023-36328](CVE-2023/CVE-2023-363xx/CVE-2023-36328.json) (`2023-09-01T16:15:08.177`) -* [CVE-2023-39582](CVE-2023/CVE-2023-395xx/CVE-2023-39582.json) (`2023-09-01T16:15:08.230`) -* [CVE-2023-39631](CVE-2023/CVE-2023-396xx/CVE-2023-39631.json) (`2023-09-01T16:15:08.370`) -* [CVE-2023-40771](CVE-2023/CVE-2023-407xx/CVE-2023-40771.json) (`2023-09-01T16:15:08.423`) -* [CVE-2023-40968](CVE-2023/CVE-2023-409xx/CVE-2023-40968.json) (`2023-09-01T16:15:08.473`) -* [CVE-2023-40980](CVE-2023/CVE-2023-409xx/CVE-2023-40980.json) (`2023-09-01T16:15:08.523`) -* [CVE-2023-4720](CVE-2023/CVE-2023-47xx/CVE-2023-4720.json) (`2023-09-01T16:15:08.577`) -* [CVE-2023-4721](CVE-2023/CVE-2023-47xx/CVE-2023-4721.json) (`2023-09-01T16:15:08.660`) -* [CVE-2023-4722](CVE-2023/CVE-2023-47xx/CVE-2023-4722.json) (`2023-09-01T16:15:08.737`) -* [CVE-2023-41627](CVE-2023/CVE-2023-416xx/CVE-2023-41627.json) (`2023-09-01T17:15:07.633`) -* [CVE-2023-41628](CVE-2023/CVE-2023-416xx/CVE-2023-41628.json) (`2023-09-01T17:15:07.690`) +* [CVE-2023-39714](CVE-2023/CVE-2023-397xx/CVE-2023-39714.json) (`2023-09-01T18:15:07.710`) +* [CVE-2023-4707](CVE-2023/CVE-2023-47xx/CVE-2023-4707.json) (`2023-09-01T18:15:07.793`) +* [CVE-2023-4708](CVE-2023/CVE-2023-47xx/CVE-2023-4708.json) (`2023-09-01T18:15:07.893`) +* [CVE-2023-1523](CVE-2023/CVE-2023-15xx/CVE-2023-1523.json) (`2023-09-01T19:15:42.707`) +* [CVE-2023-41051](CVE-2023/CVE-2023-410xx/CVE-2023-41051.json) (`2023-09-01T19:15:42.883`) +* [CVE-2023-41633](CVE-2023/CVE-2023-416xx/CVE-2023-41633.json) (`2023-09-01T19:15:43.003`) +* [CVE-2023-4709](CVE-2023/CVE-2023-47xx/CVE-2023-4709.json) (`2023-09-01T19:15:43.063`) ### CVEs modified in the last Commit -Recently modified CVEs: `14` +Recently modified CVEs: `27` -* [CVE-2018-25089](CVE-2018/CVE-2018-250xx/CVE-2018-25089.json) (`2023-09-01T17:25:13.760`) -* [CVE-2021-36978](CVE-2021/CVE-2021-369xx/CVE-2021-36978.json) (`2023-09-01T16:15:07.650`) -* [CVE-2022-27597](CVE-2022/CVE-2022-275xx/CVE-2022-27597.json) (`2023-09-01T17:10:13.670`) -* [CVE-2022-27598](CVE-2022/CVE-2022-275xx/CVE-2022-27598.json) (`2023-09-01T17:10:25.797`) -* [CVE-2023-39600](CVE-2023/CVE-2023-396xx/CVE-2023-39600.json) (`2023-09-01T16:15:08.287`) -* [CVE-2023-32559](CVE-2023/CVE-2023-325xx/CVE-2023-32559.json) (`2023-09-01T17:05:35.170`) -* [CVE-2023-40572](CVE-2023/CVE-2023-405xx/CVE-2023-40572.json) (`2023-09-01T17:07:35.057`) -* [CVE-2023-40573](CVE-2023/CVE-2023-405xx/CVE-2023-40573.json) (`2023-09-01T17:09:35.270`) -* [CVE-2023-23355](CVE-2023/CVE-2023-233xx/CVE-2023-23355.json) (`2023-09-01T17:10:05.397`) -* [CVE-2023-27604](CVE-2023/CVE-2023-276xx/CVE-2023-27604.json) (`2023-09-01T17:11:03.007`) -* [CVE-2023-3704](CVE-2023/CVE-2023-37xx/CVE-2023-3704.json) (`2023-09-01T17:12:08.027`) -* [CVE-2023-4230](CVE-2023/CVE-2023-42xx/CVE-2023-4230.json) (`2023-09-01T17:12:36.097`) -* [CVE-2023-40195](CVE-2023/CVE-2023-401xx/CVE-2023-40195.json) (`2023-09-01T17:14:19.163`) -* [CVE-2023-41028](CVE-2023/CVE-2023-410xx/CVE-2023-41028.json) (`2023-09-01T17:31:30.300`) +* [CVE-2023-40586](CVE-2023/CVE-2023-405xx/CVE-2023-40586.json) (`2023-09-01T18:06:17.537`) +* [CVE-2023-3453](CVE-2023/CVE-2023-34xx/CVE-2023-3453.json) (`2023-09-01T18:11:49.340`) +* [CVE-2023-33876](CVE-2023/CVE-2023-338xx/CVE-2023-33876.json) (`2023-09-01T18:15:07.427`) +* [CVE-2023-4596](CVE-2023/CVE-2023-45xx/CVE-2023-4596.json) (`2023-09-01T18:17:25.357`) +* [CVE-2023-40170](CVE-2023/CVE-2023-401xx/CVE-2023-40170.json) (`2023-09-01T18:36:32.463`) +* [CVE-2023-4597](CVE-2023/CVE-2023-45xx/CVE-2023-4597.json) (`2023-09-01T18:36:38.313`) +* [CVE-2023-4611](CVE-2023/CVE-2023-46xx/CVE-2023-4611.json) (`2023-09-01T18:36:56.110`) +* [CVE-2023-41109](CVE-2023/CVE-2023-411xx/CVE-2023-41109.json) (`2023-09-01T18:37:07.207`) +* [CVE-2023-39348](CVE-2023/CVE-2023-393xx/CVE-2023-39348.json) (`2023-09-01T18:37:25.700`) +* [CVE-2023-35785](CVE-2023/CVE-2023-357xx/CVE-2023-35785.json) (`2023-09-01T18:37:42.127`) +* [CVE-2023-33317](CVE-2023/CVE-2023-333xx/CVE-2023-33317.json) (`2023-09-01T18:38:41.257`) +* [CVE-2023-4653](CVE-2023/CVE-2023-46xx/CVE-2023-4653.json) (`2023-09-01T18:39:05.677`) +* [CVE-2023-4652](CVE-2023/CVE-2023-46xx/CVE-2023-4652.json) (`2023-09-01T18:39:07.780`) +* [CVE-2023-4655](CVE-2023/CVE-2023-46xx/CVE-2023-4655.json) (`2023-09-01T18:39:47.187`) +* [CVE-2023-41121](CVE-2023/CVE-2023-411xx/CVE-2023-41121.json) (`2023-09-01T18:48:33.107`) +* [CVE-2023-4599](CVE-2023/CVE-2023-45xx/CVE-2023-4599.json) (`2023-09-01T18:59:53.493`) +* [CVE-2023-33325](CVE-2023/CVE-2023-333xx/CVE-2023-33325.json) (`2023-09-01T19:05:34.913`) +* [CVE-2023-41559](CVE-2023/CVE-2023-415xx/CVE-2023-41559.json) (`2023-09-01T19:10:58.247`) +* [CVE-2023-34032](CVE-2023/CVE-2023-340xx/CVE-2023-34032.json) (`2023-09-01T19:15:40.420`) +* [CVE-2023-34180](CVE-2023/CVE-2023-341xx/CVE-2023-34180.json) (`2023-09-01T19:22:34.537`) +* [CVE-2023-34176](CVE-2023/CVE-2023-341xx/CVE-2023-34176.json) (`2023-09-01T19:24:19.840`) +* [CVE-2023-34175](CVE-2023/CVE-2023-341xx/CVE-2023-34175.json) (`2023-09-01T19:36:10.463`) +* [CVE-2023-34174](CVE-2023/CVE-2023-341xx/CVE-2023-34174.json) (`2023-09-01T19:37:34.893`) +* [CVE-2023-41563](CVE-2023/CVE-2023-415xx/CVE-2023-41563.json) (`2023-09-01T19:54:35.217`) +* [CVE-2023-4624](CVE-2023/CVE-2023-46xx/CVE-2023-4624.json) (`2023-09-01T19:59:22.693`) ## Download and Usage